@@ -725,7 +725,7 @@ void mptcp_token_destroy_request(struct request_sock *req);
int mptcp_token_new_connect(struct sock *sk);
void mptcp_token_accept(struct mptcp_subflow_request_sock *r,
struct mptcp_sock *msk);
-bool mptcp_token_exists(u32 token);
+bool mptcp_token_exists(const struct net *net, u32 token);
struct mptcp_sock *mptcp_token_get_sock(struct net *net, u32 token);
struct mptcp_sock *mptcp_token_iter_next(const struct net *net, long *s_slot,
long *s_num);
@@ -176,10 +176,12 @@ static int subflow_check_req(struct request_sock *req,
} while (subflow_req->local_key == 0);
if (unlikely(req->syncookie)) {
+ const struct net *net = read_pnet(&inet_rsk(req)->ireq_net);
+
mptcp_crypto_key_sha(subflow_req->local_key,
&subflow_req->token,
&subflow_req->idsn);
- if (mptcp_token_exists(subflow_req->token)) {
+ if (mptcp_token_exists(net, subflow_req->token)) {
if (retries-- > 0)
goto again;
SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_TOKENFALLBACKINIT);
@@ -203,7 +203,7 @@ void mptcp_token_accept(struct mptcp_subflow_request_sock *req,
spin_unlock_bh(&bucket->lock);
}
-bool mptcp_token_exists(u32 token)
+bool mptcp_token_exists(const struct net *net, u32 token)
{
struct hlist_nulls_node *pos;
struct token_bucket *bucket;
@@ -216,7 +216,8 @@ bool mptcp_token_exists(u32 token)
again:
sk_nulls_for_each_rcu(sk, pos, &bucket->msk_chain) {
msk = mptcp_sk(sk);
- if (READ_ONCE(msk->token) == token)
+ if (READ_ONCE(msk->token) == token &&
+ net_eq(sock_net(sk), net))
goto found;
}
if (get_nulls_value(pos) != (token & token_mask))
This will be used by a followup patch to check if the token specified in mp_join option exists in the current netns. At this time, tokens are unique across all namespaces, but we need to treat a token that exists in netns x as 'does not exist' when doing existence check from netns y. Signed-off-by: Florian Westphal <fw@strlen.de> --- net/mptcp/protocol.h | 2 +- net/mptcp/subflow.c | 4 +++- net/mptcp/token.c | 5 +++-- 3 files changed, 7 insertions(+), 4 deletions(-)